package com.liy.teaching.spring.security.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;


@RestController
public class TestController {

    @GetMapping("/demo")
    public String demo() {
        return "access  /test/demo  success";
    }

    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @GetMapping("/admin")
    public String admin() {
        return "access /test/admin";
    }

    @PreAuthorize("hasRole('ROLE_NORMAL')")
    @GetMapping("/normal")
    public String normal() {
        return "access /test/normal";
    }

    // 在 WebSecurityConfigurer 中配置的
    @GetMapping("/config/admin")
    public String configAdmin() {
        return "/config/admin";
    }

    // 在 WebSecurityConfigurer 中配置的
    @GetMapping("/config/normal")
    public String configNormal() {
        return "access /config/normal ";
    }
}
